lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1510306113-52337-1-git-send-email-chenjiankang1@huawei.com>
Date:   Fri, 10 Nov 2017 17:28:33 +0800
From:   JianKang Chen <chenjiankang1@...wei.com>
To:     <mhiramat@...nel.org>, <ananth@...ux.vnet.ibm.com>,
        <anil.s.keshavamurthy@...el.com>, <davem@...emloft.net>,
        <linux-kernel@...r.kernel.org>
CC:     <wangkefeng.wang@...wei.com>, <xieyisheng1@...wei.com>
Subject: [PATCH v3] kernel/kprobes: add re-register safe check for register_kretprobe()

From: Chen Jiankang <chenjiankang1@...wei.com>

When there are two same struct kretprobe rp, the INIT_HLIST_HEAD()
will result in a empty list table rp->free_instances. The memory leak
will happen. So it needs to add re-register safe check by
__get_valid_kprobe().

However, current this is not safe for multi-threadings, because
there is still a chance to re-register kretprobe concurrently.
So I add a kretprobe_mutex lock to protect the INIT_LIST_HEAD;

Signed-off-by: Chen Jiankang <chenjiankang1@...wei.com>
---
 kernel/kprobes.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index a1606a4..5ff8f69 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -67,6 +67,7 @@
 
 /* This protects kprobe_table and optimizing_list */
 static DEFINE_MUTEX(kprobe_mutex);
+static DEFINE_MUTEX(kretprobe_mutex);
 static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL;
 static struct {
 	raw_spinlock_t lock ____cacheline_aligned_in_smp;
@@ -1947,6 +1948,12 @@ int register_kretprobe(struct kretprobe *rp)
 		rp->maxactive = num_possible_cpus();
 #endif
 	}
+
+	mutex_lock(&kretprobe_mutex);
+	if (__get_valid_kprobe(&rp->kp)) {
+		ret = -EINVAL;
+		goto out;
+	}
 	raw_spin_lock_init(&rp->lock);
 	INIT_HLIST_HEAD(&rp->free_instances);
 	for (i = 0; i < rp->maxactive; i++) {
@@ -1954,7 +1961,8 @@ int register_kretprobe(struct kretprobe *rp)
 			       rp->data_size, GFP_KERNEL);
 		if (inst == NULL) {
 			free_rp_inst(rp);
-			return -ENOMEM;
+			ret = -ENOMEM;
+			goto out;
 		}
 		INIT_HLIST_NODE(&inst->hlist);
 		hlist_add_head(&inst->hlist, &rp->free_instances);
@@ -1965,6 +1973,8 @@ int register_kretprobe(struct kretprobe *rp)
 	ret = register_kprobe(&rp->kp);
 	if (ret != 0)
 		free_rp_inst(rp);
+out:
+	mutex_unlock(&kretprobe_mutex);
 	return ret;
 }
 EXPORT_SYMBOL_GPL(register_kretprobe);
-- 
1.7.12.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ